Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for SiSDK by Silicon Labs

    CVE-2026-6432 (GCVE-0-2026-6432)

    Vulnerability from nvd – Published: 2026-06-25 13:49 – Updated: 2026-06-25 15:33
    VLAI
    Title
    Improper bounds validation in EmberZNet SDK
    Summary
    Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    References
    Impacted products
    Vendor Product Version
    Silicon Labs SiSDK Affected: 0 , ≤ 2025.12 and earlier (semver)
    Create a notification for this product.
    Credits
    Junming C. (@Chapoly1305) and Prof. Qiang Zeng of George Mason University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T15:33:12.084091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T15:33:19.340Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "EmberZNet",
              "product": "SiSDK",
              "repo": "https://github.com/SiliconLabs/simplicity_sdk",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "lessThanOrEqual": "2025.12 and earlier",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Junming C. (@Chapoly1305) and Prof. Qiang Zeng of George Mason University"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage."
                }
              ],
              "value": "Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153: Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T13:49:37.685Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "permissions-required"
              ],
              "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pYDOwIAO?operationContext=S1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/SiliconLabsSoftware/sisdk-release"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper bounds validation in EmberZNet SDK",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2026-6432",
        "datePublished": "2026-06-25T13:49:37.685Z",
        "dateReserved": "2026-04-16T17:02:59.346Z",
        "dateUpdated": "2026-06-25T15:33:19.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2815 (GCVE-0-2026-2815)

    Vulnerability from nvd – Published: 2026-06-25 13:27 – Updated: 2026-06-25 14:03
    VLAI
    Title
    Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
    Summary
    Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-339 - Small seed space in PRNG
    Assigner
    References
    Impacted products
    Vendor Product Version
    Silicon Labs SiSDK Affected: 0 , ≤ 2025.12.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T14:03:39.954725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T14:03:49.129Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SiSDK",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "lessThanOrEqual": "2025.12.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys"
                }
              ],
              "value": "Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-339",
                  "description": "CWE-339 Small seed space in PRNG",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T13:27:45.446Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "permissions-required"
              ],
              "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000kDYsfIAG?operationContext=S1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/SiliconLabsSoftware/sisdk-release"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2026-2815",
        "datePublished": "2026-06-25T13:27:45.446Z",
        "dateReserved": "2026-02-19T16:49:32.148Z",
        "dateUpdated": "2026-06-25T14:03:49.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6432 (GCVE-0-2026-6432)

    Vulnerability from cvelistv5 – Published: 2026-06-25 13:49 – Updated: 2026-06-25 15:33
    VLAI
    Title
    Improper bounds validation in EmberZNet SDK
    Summary
    Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    References
    Impacted products
    Vendor Product Version
    Silicon Labs SiSDK Affected: 0 , ≤ 2025.12 and earlier (semver)
    Create a notification for this product.
    Credits
    Junming C. (@Chapoly1305) and Prof. Qiang Zeng of George Mason University
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T15:33:12.084091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T15:33:19.340Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "EmberZNet",
              "product": "SiSDK",
              "repo": "https://github.com/SiliconLabs/simplicity_sdk",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "lessThanOrEqual": "2025.12 and earlier",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Junming C. (@Chapoly1305) and Prof. Qiang Zeng of George Mason University"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage."
                }
              ],
              "value": "Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153: Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T13:49:37.685Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "permissions-required"
              ],
              "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pYDOwIAO?operationContext=S1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/SiliconLabsSoftware/sisdk-release"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Improper bounds validation in EmberZNet SDK",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2026-6432",
        "datePublished": "2026-06-25T13:49:37.685Z",
        "dateReserved": "2026-04-16T17:02:59.346Z",
        "dateUpdated": "2026-06-25T15:33:19.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2815 (GCVE-0-2026-2815)

    Vulnerability from cvelistv5 – Published: 2026-06-25 13:27 – Updated: 2026-06-25 14:03
    VLAI
    Title
    Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
    Summary
    Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-339 - Small seed space in PRNG
    Assigner
    References
    Impacted products
    Vendor Product Version
    Silicon Labs SiSDK Affected: 0 , ≤ 2025.12.1 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T14:03:39.954725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T14:03:49.129Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SiSDK",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "lessThanOrEqual": "2025.12.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys"
                }
              ],
              "value": "Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-339",
                  "description": "CWE-339 Small seed space in PRNG",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T13:27:45.446Z",
            "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
            "shortName": "Silabs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "permissions-required"
              ],
              "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000kDYsfIAG?operationContext=S1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/SiliconLabsSoftware/sisdk-release"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "assignerShortName": "Silabs",
        "cveId": "CVE-2026-2815",
        "datePublished": "2026-06-25T13:27:45.446Z",
        "dateReserved": "2026-02-19T16:49:32.148Z",
        "dateUpdated": "2026-06-25T14:03:49.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }